1. Field of the Invention
The present invention relates primarily to the field of computer software, and in particular to securely and autonomously synchronizing data in a distributed computing environment.
Portions of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all rights whatsoever.
2. Background Art
Typically, secure data delivery systems are faced with the problem of receiving large amounts of sensitive and classified data, storing it in a database for processing, and distributing current data securely to the intended user while ensuring all users have access to updated data. Frequently, the intended user is not present at the site where the data is accumulated. Thus, the data must be transmitted to the location of the user. If the data is sensitive (e.g., military data), it must be protected from hackers who could alter the data making it unusable or dangerous to use. Additionally, data modified by one user must be reflected in the data possessed by all appropriate users of the system. Prior art methods of secure data delivery are insufficient. This problem can be better understood by a review of data delivery systems.
Data Delivery Systems
In some computer systems, data is gathered at a central location and must be distributed to multiple users in different locations. For example, a typical National Aeronautics and Space Administration (NASA) mission involves scientists located all over the globe. Many of those scientists are not able to stay at mission control for the entire duration of the mission. Thus, data must be transmitted to the scientists involved who cannot be present at mission control.
In other examples, such as commanding robotic mining vehicles, robotic arms for delicate surgeries or robotic agricultural vehicles, there is a need to convey precise, secure, and real time information from the user to the vehicle or vice-versa. In one example, an engineer is on surface while the robotic mining vehicle is miles below the surface or in a different location. Secure communication is needed to transmit accurate mining conditions to the engineer and to send appropriate actions to the robotic mining vehicle. If the data transmission is not secure, a malicious individual could alter the data to cause actions which would harm the robotic mining vehicle.
In another example, a surgeon may be in a different location as a patient. Secure communication is needed to transmit precise and secure instructions to the robotic arm based on precise and secure information securely transmitted to the surgeon. If the data transmission is not secure, a malicious individual could alter the data to cause actions which would harm the patient. Similarly, in another example, a robotic agricultural vehicle is manned by a farmer at a location which is several miles away from the farm. Secure communication is needed to transmit instructions regarding speed of the vehicle, and height of the cutting blade depending on information securely transmitted to the farmer from sensors placed on the vehicle. If the data transmission is not secure, a malicious individual could alter the data to cause actions which would harm the robotic agricultural vehicle.
Data Security
In some instances, it is desirable to transmit data securely. Secure transmission prevents an unintended user from reading or altering the transmitted data. One prior art method of secure data delivery involves dedicated lines of transmission. However, data transmission systems which use dedicated transmission lines are expensive. Additionally, the dedicated lines must be physically secure. If the dedicated lines are not physically secure, an unauthorized individual can add a device to the dedicated line and read or alter the transmitted data.
Some less expensive prior art data delivery systems use the Internet as a means of transmitting data. However, information sent via the Internet is typically insecure. The lack of security of the Internet and the expense of dedicated lines frequently discourage implementation of secure data transmission systems. For example, NASA sometimes does not distribute classified mission data and, instead, requires scientists to be present at mission control.
Cryptographic Systems
A cryptographic system is a system for sending a message from a sender to a receiver over a medium so that the message is xe2x80x9csecurexe2x80x9d, that is, so that only the intended receiver can recover the message. Additionally, cryptographic systems authenticate messages. Authenticating a message means determining whether the message is actually from the purported sender.
A cryptographic system converts a message, referred to as xe2x80x9cplaintextxe2x80x9d into an encrypted format, known as xe2x80x9cciphertext.xe2x80x9d The encryption is accomplished by manipulating or transforming the message using a xe2x80x9ccipher keyxe2x80x9d or keys. The receiver xe2x80x9cdecryptsxe2x80x9d the message, that is, converts it from ciphertext to plaintext, by reversing the manipulation or transformation process using the cipher key or keys. So long as only the sender and receiver have knowledge of the cipher key, such an encrypted transmission is secure.
A xe2x80x9cclassicalxe2x80x9d cryptosystem is a cryptosystem in which the enciphering information can be used to determine the deciphering information. To provide security, a classical cryptosystem requires that the enciphering key be kept secret and provided to users of the system over secure channels. Secure channels, such as secret couriers, secure telephone transmission lines, or the like, are often impractical and expensive.
A system that eliminates the difficulties of exchanging a secure enciphering key is known as xe2x80x9cpublic key encryption.xe2x80x9d By definition, a public key cryptosystem has the property that someone who knows only how to encipher a message cannot use the enciphering key to find the deciphering key without a prohibitively lengthy computation. An enciphering function is chosen so that once an enciphering key is known, the enciphering function is relatively easy to compute. However, the inverse of the encrypting transformation function is difficult, or computationally infeasible, to compute. Such a function is referred to as a xe2x80x9cone way functionxe2x80x9d or as a xe2x80x9ctrap door function.xe2x80x9d In a public key cryptosystem, certain information relating to the keys is public. This information can be, and often is, published or transmitted in a non-secure manner. Also, certain information relating to the keys is private. This information may be distributed over a secure channel to protect its privacy, (or may be created by a local user to ensure privacy).
A block diagram of a typical public key cryptographic system is illustrated in FIG. 1. A sender represented by the blocks within dashed line (100) sends a plaintext message, Ptxt, to a receiver, represented by the blocks within dashed line (115). The plaintext message is encrypted into a ciphertext message, C, transmitted over some transmission medium and decoded by the receiver (115) to recreate the plaintext message Ptxt.
The sender (100) includes a cryptographic device (101), a secure key generator (102) and a key source (103). The key source (103) is connected to the secure key generator (102) through line (104). The secure key generator (102) is coupled to the cryptographic device (101) through line (105). The cryptographic device provides a ciphertext output, C, on line (106). The secure key generator (102) provides a key output on line (107). This output is provided, along with the ciphertext message (106), to transmitter receiver (109). The transmitter receiver (109) may be, for example, a computer transmitting device such as a modem or it may be a device for transmitting radio frequency transmission signals. The transmitter receiver (109) outputs the secure key and the ciphertext message on an insecure channel (110) to the receiver""s transmitter receiver (111).
The receiver (115) also includes a cryptographic device (116), a secure key generator (117) and a key source (118). The key source (118) is coupled to the secure key generator (117) on line (119). The secure key generator (117) is coupled to the cryptographic device (116) on line (120). The cryptographic device (116) is coupled to the transmitter receiver (111) through line (121). The secure key generator (117) is coupled to the transmitter receiver (111) on lines (122) and (123).
In operation, the sender (100) has a plaintext message, Ptxt, to send to the receiver (115). Both the sender (100) and the receiver (115) have cryptographic devices (101) and (116), respectively, that use the same encryption scheme. There are a number of suitable cryptosystems that can be implemented in the cryptographic devices. For example, they may implement the Data Encryption Standard (DES) or some other suitable encryption scheme.
Sender and receiver also have secure key generators (102) and (117), respectively. These secure key generators implement any one of several well known public key exchange schemes. These schemes, which will be described in detail below, include the Diffie-Helhnan scheme, the RSA scheme, the Massey-Omura scheme, and the ElGamal scheme.
The sender (100) uses key source (103), which may be a random number generator, to generate a private key. The private key is provided to the secure key generator (102) and is used to generate an encryption key, eK. The encryption key, eK, is transmitted on lines (105) to the cryptographic device and is used to encrypt the plaintext message, Ptxt, to generate a ciphertext message, C, provided on line (106) to the transmitter receiver (109). The secure key generator (102) also transmits the information used to convert to the secure key from key source (103) to the encryption key, eK. This information can be transmitted over an insecure channel, because it is impractical to recreate the encryption key from this information without knowing the private key.
The receiver (115) uses key source (118) to generate a private and secure key (119). This private key (119) is used in the secure key generator (117) along with the key generating information provided by the sender (100) to generate a deciphering key, DK. This deciphering key, DK, is provided on line (120) to the cryptographic device (116) where it is used to decrypt the ciphertext message and reproduce the original plaintext message.
Authentication
In addition to protecting the contents of a transmitted message, it is also desired to provide a way to determine the xe2x80x9cauthenticityxe2x80x9d of the message. That is, is the message actually from the purported sender. A scheme for accomplishing this is to append a so-called xe2x80x9cdigital signaturexe2x80x9d to the message. The enciphering transformation fA is used to send a message to user A and fB is the enciphering transformation used to send a message to user B. User A provides a xe2x80x9csignaturexe2x80x9d, P, that may include some specific information, such as the time the message was sent or an identification number. User A transmits the signature as fBfAxe2x88x921 (P). When user B deciphers the message using fBxe2x88x921, the entire message is decoded into plaintext except the signature portion, which remains fAxe2x88x921 (P). User B then applies user A""s public key fA to obtain P. Since P could only have been encrypted by user A (because only user A knows fAxe2x88x921) user B can assume that the message was sent by user A.
Another scheme of digital signature authentication is a generalization of the ElGamal discrete logarithm scheme, using elliptic algebra. Assume a public key ourPub generated with a function of a private key ourPri. The signature is generated by first choosing a random integer, m, of approximately q bits. Next, a point, P=mxc2x0(X1/1), is computed. A message digest function, M, is used to compute an integer, u, that is a function of m, ourPri, and the digested version of the ciphertext message and the computed point, P. The computed pair (u, P) is transmitted as the signature.
At the receiving end, the value of the signature is used to compute the point Q=uxc2x0(X1/1). A point, R, is calculated using P, the digested version of the ciphertext message and P, and myPub. If R and Q do not compare exactly, the signature is not valid (not genuine). The security of this scheme relies on the computational unfeasibility of breaking the elliptic logarithm operation or the hash function, M. A disadvantage of this scheme is that it is computationally intensive, making it complex and slow in operation.
The Diffie-Hellman Scheme
A scheme for public key exchange is presented in Diffie and Hellman, xe2x80x9cNew Directions in Cryptography,xe2x80x9d IEEE Trans. Inform. Theory, vol. IT-22, pp. 644-654, November 1976 (The xe2x80x9cDHxe2x80x9d scheme). The DH scheme describes a public key system based on the discrete exponential and logarithmic functions. If xe2x80x9cqxe2x80x9d is a prime number and xe2x80x9caxe2x80x9d is a primitive element, then X and Y are in a 1:1 correspondence for 1xe2x89xa6X, Yxe2x89xa6(qxe2x88x921) where Y=aXmod q, and X=logaY over the finite field. The first discrete exponential function is easily evaluated for a given a and X, and is used to compute the public key Y. The security of the Diffie-Hellman system relies on the fact that no general, fast algorithms are known for solving the discrete logarithm function X=logaY given X and Y.
In a Diffie-Hellman system, a directory of public keys is published or otherwise made available to the public. A given public key is dependent on its associated private key, known only to a user. However, it is not feasible to determine the private key from the public key. For example, a sender has a public key, referred to as xe2x80x9courPubxe2x80x9d. A receiver has a public key, referred to here as xe2x80x9ctheirPubxe2x80x9d. The sender also has a private key, referred to here as xe2x80x9cmyPrixe2x80x9d. Similarly, the receiver has a private key, referred to here as xe2x80x9ctheirPrixe2x80x9d.
There are a number of elements that are publicly known in a public key system. In the case of the Diffie-Hellman system, these elements include a prime number, p, and a primitive element, g. Both p and g are publicly known. Public keys are then generated by raising g to the private key power (mod p). For example, a sender""s public key, myPub, is generated by the following equation:
myPub=gmyPri(mod p)xe2x80x83xe2x80x83Equation (1) 
Similarly, the receiver""s public key is generated by the equation:
theirpub=gtheirPri(mod p)xe2x80x83xe2x80x83Equation (2) 
Public keys are easily created using exponentiation and modulo arithmetic. As noted previously, public keys are easily obtainable by the public. They are published and distributed. They may also be transmitted over non-secure channels. Even though the public keys are known, it is very difficult to calculate the private keys by the inverse function because of the difficulty in solving the discrete log problem.
In a Diffie-Hellman type system, a prime number, p, is chosen. This prime number, p, is public. Next, a primitive root, g, is chosen. This number, g, is also publicly known. Then, an enciphering key, eK, is generated, the receiver""s public key (theirpub) is raised to the power of the sender""s private key (myPri). That is:
(theirPub)myPri(mod p)xe2x80x83xe2x80x83Equation (3) 
We have already defined theirPub equal to gtheirPri(mod p). Therefore Equation 3 can be given by:
(gtheirPri)myPri(mod p)xe2x80x83xe2x80x83Equation (4) 
This value is the enciphering key eK that is used to encipher the plaintext message and create a ciphertext message. The particular method for enciphering or encrypting the message may be any one of several well known methods. Whichever encrypting method is used, the cipher key is the value calculated in Equation 4. The ciphertext message is then sent to the receiver.
The receiver generates a deciphering key DK by raising the public key of the sender (mypub) to the private key of the receiver (theirPri) as follows:
DK=(myPub)theirPri(mod p)xe2x80x83xe2x80x83Equation (5) 
From Equation 1, myPub is equal to gmyPri(mod p). Therefore:
DK=(gmyPri)theirPri(mod p)xe2x80x83xe2x80x83Equation (6) 
Since (gA)B is equal to (gB)A, the encipher key eK and the deciphering key DK are the same key.
The receiver simply executes the inverse of the transformation algorithm or encryption scheme using the de ciphering key to recover the plaintext message. Because both the sender and receiver must use their private keys for generating the enciphering key, no other users are able to read or decipher the ciphertext message.
Trust in Communication
The current boom in e-commerce relies to a certain extent on our ability to communicate securely. The slow but steady progress of Internet Protocol Security (IPSEC), the ongoing deployment of virtual private network (VPN) firewall technologies and the ever-widening use of Secure Sockets Layer (SSL) for secure transactions over the world-wide web are just a few examples of this.
Part of the ability to communicate securely is the level of trust in the belief that the communicating peers are who they say they are. Encryption ensures that a message cannot be read by intermediaries who pass the message along from sender to receiver or who intercept the message while it travels the path from sender to receiver. However, if the message is being sent to the wrong receiver, message security is compromised. Thus, if a user wishes to send sensitive data (e.g., credit card information) securely over a network, the sender needs to trust that the public key used is actually the public key of the intended receiver and that the intended receiver is what it claims to be.
FIG. 2 illustrates a scenario where a sender (200) wishes to send a secure message to an intended receiver (210) through a network (220). However, a false receiver (230) transmits its public key (240) to the sender across network path A, falsely representing the key as the intended receiver""s public key (250). The sender receives the conflicting keys (260) and chooses the false public key to encrypt and send the message (270). Thus, the intended receiver cannot read the message (280) if passed along network path B, and the false receiver can read the message (290) if passed along network path C.
The ultimate purpose of key management is to assure its users that they are securely communicating with whom they want to communicate, and nobody else. A user of the framework must be able to get satisfying answers to the following questions:
Is the person or service I am talking to really the one it claims to be?
Is there somebody in the middle, relaying everything?
How sure can I be about this?
Public key infrastructures (PKIs) provide a satisfactory answer to the above three questions. Most currently deployed PKIs use centralized and hierarchical models for their trust computations.
Hierarchical Trust Communication
FIG. 3 illustrates the structure of one embodiment of a traditional hierarchically organized PKIs. Node A links to nodes B and C. Node B links to nodes D, E, F, G and H. Node C links to nodes I, J, K, L and M. Each node represents a participant of the network, and each arrow indicates a link from a certificate authority to a participant. Nodes A, B and C form a small hierarchy of certificate authorities which sign public keys. Node A is the root of the certificate authority hierarchy. A key verified as signed by a certificate authority is trusted to be correct. Thus, peers can easily verify message authenticity and communicate securely.
FIG. 4 illustrates a process for a secure communication utilizing a traditional hierarchically organized PKI. At step 400, peer 2 presents a certificate authority with a public key and convinces the certificate authority the binding of that public key to peer 2 is correct. For example, a certificate authority may require peer 2 to go appear at the certificate authority in person with appropriate documents. At step 410, the certificate authority signs peer 2xe2x80x2s public key and returns it to peer 2. At step 420, peer 1 receives the certificate authority""s public key through a secure channel. For example, the certificate authority""s public key is often embedded in a web browser application such as Netscape or Internet Explorer.
At step 430, peer 2 makes its signed public key available from a database. At step 440, peer 1 requests peer 2xe2x80x2s public key from a database. At step 450, peer 1 verifies the signature on peer 2xe2x80x2s public key using the certificate authority""s public key. At step 460, peer 1 encrypts a message using peer 2xe2x80x2s public key. At step 470, peer 1 sends the encoded message to peer 2. At step 480, peer 2 uses its private key to decrypt the message. Since peer 1 verified peer 2xe2x80x2s public key using the certificate authority""s public keey, peer 1 can be sure the message can only be read by peer 2.
Current Data Delivery Systems
As outlined above, current data delivery systems might be made secure, but they suffer various disadvantages. A first disadvantage is that data is not automatically delivered when the data is updated, for instance, in the case of data critical applications such as remote surgery. In addition, the updates must also be secure. Second, the update must be accessible by only the right people and there is no way to control this using current schemes. Finally, the recipients of the data must gain access to the data irrespective of the computing environment they use. Currently, there is no data delivery system that solves any of these three problems.
The present invention is related to securely and autonomously synchronizing data in a distributed computing environment, for instance where multiple computers are at geographically disparate locations. In one embodiment of the present invention, data is distributed from a central server to one or more geographically distributed clients. In another embodiment, data is encrypted and securely transmitted over a computer network. One embodiment uses the Secure Sockets Layer protocol to secure transmitted data. In this embodiment, the data is transmitted via the Internet.
In another embodiment of the present invention, data is distributed in real-time. In this embodiment, data is provided to a user as the data updates without the user making a specific request for updated data. In another embodiment, portions of data are made available to only authorized users. In this embodiment an administrator sets permissions to control which data is transmitted to a user.
In another embodiment, the transmission of data is secure bi-directionally. In this embodiment, data transmitted to a user from a central location is secure and data transmitted to a central location from a user is secure. In yet another embodiment, data is securely transmitted to a user independent of the platform on the user""s machine. In this embodiment, the software that controls the data delivery system is written in a platform independent programming language, such as Java.